Security Information / 1999 / Security Information -- kernel

Debian Security Advisory

kernel -- Denial of service in 2.2-series kernel

Date Reported:

07 Jun 1999

Affected Packages:

kernel-image

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-1999-0804.

More information:

Linux 2.2.x kernels had a problem with parsing IP options, which made them susceptible to a DoS attack. The Debian GNU/Linux 2.1 release (slink) for the Sun sparc architecture uses such a kernel. If you are using such a system and haven't upgraded the kernel yourself, we recommend that you upgrade your kernel-image package immediately. If you have a sun4u system please use kernel-image-2.2.9-sun4u, otherwise use the normal kernel-image-2.2.9 package. Only the sparc architecture uses a 2.2 kernel by default in the slink release.

Fixed in:

Sparc:
http://security.debian.org/dists/stable/updates/binary-sparc/kernel-headers-2.2.9_2.2.9-2_sparc.deb
http://security.debian.org/dists/stable/updates/binary-sparc/kernel-image-2.2.9-sun4u_2.2.9-2_sparc.deb
http://security.debian.org/dists/stable/updates/binary-sparc/kernel-image-2.2.9_2.2.9-2_sparc.deb